Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

ITSM best practices and service access: where IAM teams should look


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: ITSM practices can improve service quality, efficiency, and self-service, but Zluri’s analysis also shows they only work when approval flows, access requests, and provisioning are tightly governed. The deeper issue is that service management becomes an identity control problem as soon as tickets drive access decisions.

NHIMG editorial — based on content published by Zluri: Best Practices 5 ITSM Best Practices for Organizations

By the numbers:

Questions worth separating out

Q: How should security teams govern self-service access in ITSM workflows?

A: Treat self-service as a governed access path, not a convenience layer.

Q: Why do ITSM tools often create identity governance gaps?

A: They are usually designed to move tickets, not to enforce ownership, expiry, or recertification.

Q: What breaks when service requests are not tied to access approvals?

A: The workflow loses its control point and becomes a fast route to privilege sprawl.

Practitioner guidance

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step examples of how the ITSM practices are applied in day-to-day service operations
  • The product-oriented explanation of Zluri's Employee App Store and SaaS approval workflow flow
  • The vendor's guidance on app visibility, license assignment, and request handling for new joiners
  • The practical onboarding and adoption angles that support IT operations teams

👉 Read Zluri's ITSM best practices article for service management and access workflow detail →

ITSM best practices and service access: where IAM teams should look?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

ITSM is an identity governance surface, not just an operations discipline. The article treats service management as a way to improve speed, quality, and customer satisfaction, but the underlying control plane is access. Every request, approval, and fulfilment step changes who or what can do what inside the environment. That means ITSM maturity should be judged partly by how well it preserves ownership, auditability, and lifecycle control across services. Practitioners should stop treating service desk design and identity design as separate conversations.

A few things that frame the scale:

  • Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
  • Organisations that describe themselves as confident in their AI deployment actually experience a 72% security incident rate, compared to 33% for those who remain cautious, according to The 2026 Infrastructure Identity Survey.

A question worth separating out:

Q: How do organisations measure whether ITSM is improving identity governance?

A: Use access-focused metrics alongside service metrics. Track approval latency, exception rates, orphaned access, and deprovisioning completion, then compare those numbers with ticket throughput and uptime. If the process is fast but leaves stale access behind, it is optimising service delivery at the expense of governance.

👉 Read our full editorial: ITSM best practices expose the identity governance gap in service access



   
ReplyQuote
Share: